Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-32435
HistoryJun 23, 2023 - 12:00 a.m.

CVE-2023-32435

2023-06-2300:00:00
ubuntu.com
ubuntu.com
31
memory corruption
macos ventura 13.3
safari 16.4
ios 16.4
ipados 16.4
arbitrary code execution
exploitation
javascriptcore
v8
unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.2%

A memory corruption issue was addressed with improved state management.
This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS
16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to
arbitrary code execution. Apple is aware of a report that this issue may
have been actively exploited against versions of iOS released before iOS
15.7.

Notes

Author Note
jdstrand webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchwebkit2gtk< 2.40.4-0ubuntu0.22.04.1UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

54.2%